Ejemplo n.º 1
0
    def test_lookup_rdata_ip(self, requests_mock):
        c = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        records = [
            '{"count":51,"time_first":1403544512,"time_last":1417464427,"rrname":"farsighsecurity.com.","rrtype":"A","'
            'rdata":"66.160.140.81"}',
            '{"count":4,"time_first":1404485629,"time_last":1406648461,"rrname":"www.farsighsecurity.com.","rrtype":"A'
            '","rdata":"66.160.140.81"}',
            '{"count":6350,"time_first":1380123423,"time_last":1427869045,"rrname":"farsightsecurity.com.","rrtype":"A'
            '","rdata":"66.160.140.81"}',
            '{"count":5059,"time_first":1380139330,"time_last":1427881899,"rrname":"www.farsightsecurity.com.","rrtype'
            '":"A","rdata":"66.160.140.81"}',
            '{"count":1523,"time_first":1381265271,"time_last":1427807985,"rrname":"archive.farsightsecurity.com.","rr'
            'type":"A","rdata":"66.160.140.81"}',
        ]
        ip = '66.160.140.81'

        requests_mock.get(
            '{server}/lookup/{mode}/{type}/{ip}?swclient={swclient}&version={version}'
            .format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                mode='rdata',
                type='ip',
                ip=ip,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION,
            ),
            text='\n'.join(records))

        for rrset in c.lookup_rdata_ip(ip):
            assert rrset == json.loads(records[0])
            records = records[1:]
        assert len(records) == 0
Ejemplo n.º 2
0
    def test_lookup_rrset(self, requests_mock):
        c = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        records = [
            '{"count":1820,"zone_time_first":1374250920,"zone_time_last":1589472138,"rrname":"farsightsecurity.com.",'
            '"rrtype":"NS","bailiwick":"com.","rdata":["ns5.dnsmadeeasy.com.","ns6.dnsmadeeasy.com.","ns7.dnsmadeeasy'
            '.com."]}',
            '{"count":6350,"time_first":1380123423,"time_last":1427869045,"rrname":"farsightsecurity.com.","rrtype":"'
            'A","bailiwick":"farsightsecurity.com.","rdata":["66.160.140.81"]}',
        ]
        name = 'farsightsecurity.com'

        requests_mock.get(
            '{server}/lookup/{mode}/{type}/{name}?swclient={swclient}&version={version}'
            .format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                mode='rrset',
                type='name',
                name=name,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION,
            ),
            text='\n'.join(records))

        for rrset in c.lookup_rrset(name):
            assert rrset == json.loads(records[0])
            records = records[1:]
        assert len(records) == 0
Ejemplo n.º 3
0
    def test_rrset_rrtype(self, requests_mock):
        c = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        records = [
            '{"count":6350,"time_first":1380123423,"time_last":1427869045,"rrname":"farsightsecurity.com.","rrtype":"A"'
            ',"bailiwick":"farsightsecurity.com.","rdata":["66.160.140.81"]}',
            '{"count":36770,"time_first":1427897872,"time_last":1538008183,"rrname":"farsightsecurity.com.","rrtype":"A'
            '","bailiwick":"farsightsecurity.com.","rdata":["104.244.13.104"]}',
            '{"count":6428,"time_first":1538047094,"time_last":1589544286,"rrname":"farsightsecurity.com.","rrtype":"A"'
            ',"bailiwick":"farsightsecurity.com.","rdata":["104.244.14.108"]}',
            '{"count":628,"time_first":1374098930,"time_last":1380124067,"rrname":"farsightsecurity.com.","rrtype":"A",'
            '"bailiwick":"farsightsecurity.com.","rdata":["149.20.4.207"]}',
        ]
        name = 'farsightsecurity.com'
        rrtype = 'A'

        requests_mock.get(
            '{server}/lookup/{mode}/{type}/{name}/{rrtype}?swclient={swclient}&version={version}'
            .format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                mode='rrset',
                type='name',
                name=name,
                rrtype=rrtype,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION,
            ),
            text='\n'.join(records))

        for rrset in c.lookup_rrset(name, rrtype=rrtype):
            assert rrset == json.loads(records[0])
            records = records[1:]
        assert len(records) == 0
Ejemplo n.º 4
0
    def test_rdata_name_rrtype(self, requests_mock):
        c = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        records = [
            '{"count": 7, "time_first": 1380044973, "time_last": 1380141734, "rrname": "207.4.20.149.in-addr.fsi.io.",'
            ' "rrtype": "PTR", "rdata": "farsightsecurity.com."}',
            '{"count": 3, "time_first": 1372650830, "time_last": 1375220475, "rrname": "7.0.2.0.0.0.0.0.0.0.0.0.0.0.0.'
            '0.6.6.0.0.1.0.0.0.8.f.4.0.1.0.0.2.ip6.arpa.", "rrtype": "PTR", "rdata": "farsightsecurity.com."}',
            '{"count": 11, "time_first": 1380141403, "time_last": 1381263825, "rrname": "81.64-26.140.160.66.in-addr.a'
            'rpa.", "rrtype": "PTR", "rdata": "farsightsecurity.com."}',
            '{"count": 4, "time_first": 1373922472, "time_last": 1374071997, "rrname": "207.192-26.4.20.149.in-addr.ar'
            'pa.", "rrtype": "PTR", "rdata": "farsightsecurity.com."}',
        ]
        name = 'farsightsecurity.com'
        rrtype = 'PTR'

        requests_mock.get(
            '{server}/lookup/{mode}/{type}/{name}/{rrtype}?swclient={swclient}&version={version}'
            .format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                mode='rdata',
                type='name',
                name=name,
                rrtype=rrtype,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION,
            ),
            text='\n'.join(records))

        for rrset in c.lookup_rdata_name(name, rrtype=rrtype):
            assert rrset == json.loads(records[0])
            records = records[1:]
        assert len(records) == 0
Ejemplo n.º 5
0
    def test_rate_limit(self, requests_mock):
        c = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')

        requests_mock.get(
            '{server}/lookup/rate_limit?swclient={swclient}&version={version}'.
            format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION,
            ),
            json={})

        c.rate_limit()
Ejemplo n.º 6
0
    def _run_test(requests_mock, input: dict, expected_readable: str):
        client = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        requests_mock.get(
            '{server}/lookup/rate_limit?swclient={swclient}&version={version}'.
            format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION,
            ),
            json=input)

        # The context is tested in TestBuildLimitsContext
        res = DNSDB.dnsdb_rate_limit(client, None)
        assert res.readable_output == expected_readable
        assert res.outputs_prefix == 'DNSDB.Rate'
        assert isinstance(res.outputs, dict)
Ejemplo n.º 7
0
    def test_summarize_rdata_name_empty(self, requests_mock):
        c = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        name = 'farsightsecurity.com'

        requests_mock.get(
            '{server}/summarize/{mode}/{type}/{name}?swclient={swclient}&version={version}'
            .format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                mode='rdata',
                type='name',
                name=name,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION,
            ),
            text='')

        with pytest.raises(DNSDB.QueryError):
            c.summarize_rdata_name(name)
Ejemplo n.º 8
0
    def test_headers(self, requests_mock):
        apikey = 'abcdef'
        c = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, apikey)

        requests_mock.get(
            '{server}/lookup/rate_limit?swclient={swclient}&version={version}'.
            format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION,
            ),
            json={},
            request_headers={
                'Accept': 'application/json',
                'X-API-Key': apikey,
            })

        c.rate_limit()
Ejemplo n.º 9
0
    def _run_test(requests_mock, args: dict, input: dict,
                  expected_readable: str, expected_output_prefix: str,
                  expected_outputs: list):
        client = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        requests_mock.get(
            f'{DNSDB.DEFAULT_DNSDB_SERVER}/lookup/rdata/{args["type"]}/{args["value"]}'
            f'?limit={args["limit"]}'
            f'&swclient=demisto-integration&version=v2.0',
            text=input)

        for v in args.values():
            assert isinstance(v, str)

        res = DNSDB.dnsdb_rdata(client, args)

        assert res.readable_output == expected_readable
        assert res.outputs_prefix == expected_output_prefix
        assert res.outputs == expected_outputs
Ejemplo n.º 10
0
    def test_summarize_rdata_ip_empty(self, requests_mock):
        c = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        ip = '66.160.140.81'

        requests_mock.get(
            '{server}/summarize/{mode}/{type}/{ip}?swclient={swclient}&version={version}'
            .format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                mode='rdata',
                type='ip',
                ip=ip,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION,
            ),
            text='')

        with pytest.raises(DNSDB.QueryError):
            c.summarize_rdata_ip(ip)
Ejemplo n.º 11
0
    def test_404(self, requests_mock):
        c = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        name = 'farsightsecurity.com'

        requests_mock.get(
            '{server}/lookup/{mode}/{type}/{name}?swclient={swclient}&version={version}'
            .format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                mode='rrset',
                type='name',
                name=name,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION,
            ),
            status_code=404,
            text='error')

        for rrset in c.lookup_rrset(name):
            pytest.fail('received {0}'.format(rrset))  # pragma: no cover
Ejemplo n.º 12
0
    def test_summarize_rdata_ip(self, requests_mock):
        c = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        record = '{"count":51,"num_results":5,"time_first":1403544512,"time_last":1417464427}'
        ip = '66.160.140.81'

        requests_mock.get(
            '{server}/summarize/{mode}/{type}/{ip}?swclient={swclient}&version={version}'
            .format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                mode='rdata',
                type='ip',
                ip=ip,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION,
            ),
            text=record)

        rrset = c.summarize_rdata_ip(ip)
        assert rrset == json.loads(record)
Ejemplo n.º 13
0
    def test_max_count(self, requests_mock):
        c = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        name = 'farsightsecurity.com'
        max_count = 100

        requests_mock.get(
            '{server}/summarize/{mode}/{type}/{name}?max_count={max_count}'
            '&swclient={swclient}&version={version}'.format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                mode='rrset',
                type='name',
                name=name,
                max_count=max_count,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION),
            text='{}')

        for rrset in c.summarize_rrset(name, max_count=max_count):
            pytest.fail('received {0}'.format(rrset))  # pragma: no cover
Ejemplo n.º 14
0
    def test_summarize_rrset(self, requests_mock):
        c = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        record = '{"count":6350,"num_results":3,"time_first":1380123423,"time_last":1427869045}'
        name = 'farsightsecurity.com'

        requests_mock.get(
            '{server}/summarize/{mode}/{type}/{name}?swclient={swclient}&version={version}'
            .format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                mode='rrset',
                type='name',
                name=name,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION,
            ),
            text=record)

        rrset = c.summarize_rrset(name)
        assert rrset == json.loads(record)
Ejemplo n.º 15
0
    def _run_test(requests_mock, args: dict, input: dict,
                  expected_readable: str, expected_output_prefix: str,
                  expected_outputs: dict):
        client = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        requests_mock.get(
            f'{DNSDB.DEFAULT_DNSDB_SERVER}/summarize/rrset/name/{args["owner_name"]}'
            f'?limit={args["limit"]}'
            f'&max_count={args["max_count"]}'
            f'&swclient=demisto-integration&version=v2.0',
            json=input)

        for v in args.values():
            assert isinstance(v, str)

        res = DNSDB.dnsdb_summarize_rrset(client, args)

        assert res.readable_output == expected_readable
        assert res.outputs_prefix == expected_output_prefix
        assert res.outputs == expected_outputs
Ejemplo n.º 16
0
    def test_500(self, requests_mock):
        c = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        name = 'farsightsecurity.com'

        requests_mock.get(
            '{server}/lookup/{mode}/{type}/{name}?swclient={swclient}&version={version}'
            .format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                mode='rrset',
                type='name',
                name=name,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION,
            ),
            status_code=500,
            text='{}\nerror')

        with pytest.raises(CommonServerPython.DemistoException):
            for rrset in c.lookup_rrset(name):
                pytest.fail('received {0}'.format(rrset))  # pragma: no cover
Ejemplo n.º 17
0
    def test_rrset_rrtype_bailiwick(self, requests_mock):
        c = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        records = [
            '{"count":19,"zone_time_first":1372609301,"zone_time_last":1374164567,"rrname":"farsightsecurity.com.","rrt'
            'ype":"NS","bailiwick":"com.","rdata":["ns.lah1.vix.com.","ns1.isc-sns.net.","ns2.isc-sns.com.","ns3.isc-sn'
            's.info."]}',
            '{"count":157,"zone_time_first":1359047885,"zone_time_last":1372522741,"rrname":"farsightsecurity.com.","rr'
            'type":"NS","bailiwick":"com.","rdata":["ns.sjc1.vix.com.","ns.sql1.vix.com."]}',
            '{"count":1820,"zone_time_first":1374250920,"zone_time_last":1589472138,"rrname":"farsightsecurity.com.","r'
            'rtype":"NS","bailiwick":"com.","rdata":["ns5.dnsmadeeasy.com.","ns6.dnsmadeeasy.com.","ns7.dnsmadeeasy.com'
            '."]}',
            '{"count":58,"time_first":1372688083,"time_last":1374165919,"rrname":"farsightsecurity.com.","rrtype":"NS",'
            '"bailiwick":"com.","rdata":["ns.lah1.vix.com.","ns1.isc-sns.net.","ns2.isc-sns.com.","ns3.isc-sns.info."]'
            '}',
            '{"count":17,"time_first":1360364071,"time_last":1372437672,"rrname":"farsightsecurity.com.","rrtype":"NS",'
            '"bailiwick":"com.","rdata":["ns.sjc1.vix.com.","ns.sql1.vix.com."]}',
            '{"count":853787,"time_first":1374172950,"time_last":1589549475,"rrname":"farsightsecurity.com.","rrtype":"'
            'NS","bailiwick":"com.","rdata":["ns5.dnsmadeeasy.com.","ns6.dnsmadeeasy.com.","ns7.dnsmadeeasy.com."]}',
        ]
        name = 'farsightsecurity.com'
        rrtype = 'NS'
        bailiwick = 'com'

        requests_mock.get(
            '{server}/lookup/{mode}/{type}/{name}/{rrtype}/{bailiwick}?swclient={swclient}&version={version}'
            .format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                mode='rrset',
                type='name',
                name=name,
                rrtype=rrtype,
                bailiwick=bailiwick,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION,
            ),
            text='\n'.join(records))

        for rrset in c.lookup_rrset(name, rrtype=rrtype, bailiwick=bailiwick):
            assert rrset == json.loads(records[0])
            records = records[1:]
        assert len(records) == 0
Ejemplo n.º 18
0
    def _test_time_param(requests_mock, param: str):
        c = DNSDB.Client(DNSDB.DEFAULT_DNSDB_SERVER, '')
        name = 'farsightsecurity.com'
        when = time.time()

        requests_mock.get(
            '{server}/lookup/{mode}/{type}/{name}?{param}={when}&swclient={swclient}&version={version}'
            .format(
                server=DNSDB.DEFAULT_DNSDB_SERVER,
                mode='rrset',
                type='name',
                name=name,
                param=param,
                when=when,
                swclient=DNSDB.SWCLIENT,
                version=DNSDB.VERSION,
            ),
            status_code=404)

        for rrset in c.lookup_rrset(name, **{param: when}):
            pytest.fail('received {0}'.format(rrset))  # pragma: no cover